
Antivirus 2009


JamieK


Forgive me, but I'm a computer newbie here. Here's what I have so far...

I run Malwarebytes scan and delete everything that it comes back with. Restart and computer works fine for a short while. Then the pop-ups start again, most directing me to Antivirus 2009.

Can't download Spybot. A box pops up saying my security settings don't allow this. BTW, it also will not open Hotmail messages. This did not start till after I acquired the spyware.

Here are my logs immediately after running Malwarebytes and deleting the affected files.

MBAM scan...

Malwarebytes' Anti-Malware 1.30

Database version: 1455

Windows 5.1.2600 Service Pack 3

12/6/2008 11:28:39 AM

mbam-log-2008-12-06 (11-28-28).txt

Scan type: Quick Scan

Objects scanned: 62451

Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyidigimi (Trojan.Agent) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------------------------------------------------------------

Panda Active Scan...

;*******************************************************************************

ANALYSIS: 2008-12-06 10:31:46

PROTECTIONS: 1

MALWARE: 73

SUSPECTS: 4

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Windows Defender 1.1.4104.0 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@trafficmp[1].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atdmt[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@247realmedia[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@mediaplex[1].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.myaffiliateprogram[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@statcounter[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@burstnet[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@burstnet[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bs.serving-sys[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@www.burstbeacon[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@ads.pointroll[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@zedo[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@bluestreak[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@adrevolver[3].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Cookies\mercedes@atwola[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Cookies\mercedes@atwola[1].txt

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_535842273236.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_89776722911.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874762533151.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_128934327310.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_136505215861.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_874020292801.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_14371778623.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_144848868885.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_148329836752.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_152231666639.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_161903652566.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_189660108725.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_862433146000.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_860608777112.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_840800513171.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_779457377344.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_767633656454.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_762292836773.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_280118583200.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_70399531758.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_683804286359.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_637888247826.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_303056494356.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_314703715848.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_625307573815.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_594073756767.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_341055408807.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_591736317705.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_556162533808.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_353287663239.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_355223715749.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_370803678003.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_395514226880.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_579392535283.bk

00456128 Trj/Agent.KGN Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_492935543127.bk

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\cfexfst.sys

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\WINDOWS\system32\udxfytw.sys

03689555 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\oduxftw.sys

03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_800399511374.bk

03957249 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_530379396844.bk

03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_647775526466.bk

03974384 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_8010548914.bk

03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_697634702050.bk

03978104 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_328392607444.bk

03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_436603443840.bk

03979301 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_11121780611.bk

03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_226227596976.bk

03979747 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_380089540018.bk

03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_453658514383.bk

03983235 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_379647817646.bk

03990615 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_113715694771.bk

03997175 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_33375297218.bk

04002833 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_605394674751.bk

04003655 Generic Backdoor Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmp0_437759243043.bk.old

04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_86290856820.bk

04050238 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_826921125323.bk

04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_41106063122.bk

04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_737683259459.bk

04065243 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_73128374677.bk

04066887 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_43674933710.bk

04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_397467891942.bk

04078530 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_350727806895.bk

04079098 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\fduvfct.sys

04079109 Adware/AccesMembre Adware No 0 Yes No C:\WINDOWS\system32\xdufytw.sys

04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_515828661131.bk

04084609 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_15997339982.bk

04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_621436809986.bk

04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_283504221541.bk

04086560 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_258435853187.bk

04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_659357327962.bk

04114744 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_749610201232.bk

04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_298193490211.bk

04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_233659564768.bk

04119272 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_82512397490.bk

04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_20765835537.bk

04123578 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_286894719977.bk

04126890 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_799774591180.bk

04129413 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_55008391153.bk

04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_561760703762.bk

04132780 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_777441796483.bk

04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_686906341809.bk

04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_345391432521.bk

04133783 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_502531124176.bk

04150854 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_465186877580.bk

04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_735454409576.bk

04150899 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_731074378351.bk

04157305 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_266639482319.bk

04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_76630492908.bk

04160496 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_718993575284.bk

04186262 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_871305740577.bk

04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_190149869478.bk

04199614 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_680888674233.bk

04199644 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_22453857698.bk

04251170 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_564300304958.bk

04251176 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\tmpxr_143548611230.bk

04279215 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7932293085.bk

04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_558049565916.bk

04279947 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_507042550548.bk

04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_480738641824.bk

04280817 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_600861615418.bk

04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_888846169283.bk

04281422 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_57857032587.bk

04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_19922216147.bk

04281440 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_309698473179.bk

04281474 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\system32\tmpxr_7755611560.bk

04289157 Generic Trojan Virus/Trojan No 0 Yes No C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

No C:\Documents and Settings\mercedes\Local Settings\Temporary Internet Files\Content.IE5\ED1Q7UH4\InstallAVv_770522169011[1].exe

No C:\Program Files\WinRAR\Default.SFX

No C:\WINDOWS\system32\tmpxr_18990228120.bk

No C:\WINDOWS\system32\tmpxr_49624638698.bk

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

---------------------------------------------------------------------------------------------------------------

Hijack this scan...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:41:03 AM, on 12/6/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\opt\MBCASE\pm\bin\mcp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe

C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe

C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\smartagent\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\smartagent\bin\tgsrvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\cmd.exe

C:\opt\MBCASE\pm\bin\cmserver.exe

C:\opt\MBCASE\pm\bin\lic_srv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Documents and Settings\mercedes\My Documents\HijackThis.exe

O1 - Hosts: 12.44.59.46 ppa-extra.ndc.daimlerchrysler.com

O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)

O2 - BHO: (no name) - {61d332c5-04c9-4571-a44e-bfa175cd2429} - C:\WINDOWS\system32\sagenumi.dll (file missing)

O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [foyidigimi] Rundll32.exe "C:\WINDOWS\system32\lininofa.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O15 - Trusted Zone: http://www.download.com

O15 - Trusted Zone: *.hotmail.com

O15 - Trusted Zone: *.live.com

O15 - Trusted Zone: *.msn.com

O15 - Trusted Zone: *.passport.com

O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/g_bin/eng/cards_2_0_0_75.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB

O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://supportcenter.mbnetstar.com/support.../weblaunch2.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2EFE1-7069-4A5E-80C6-2D201E44C34E}: NameServer = 10.100.100.10,192.168.100.2

O20 - AppInit_DLLs: C:\WINDOWS\system32\pularewi.dll

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: Windows Agent (N-able Technologies Windows Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe

O23 - Service: AssetDiscovery Local (N-able Technologies Windows Agent Asset Discovery) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe

O23 - Service: Windows Agent Watchdog (N-able Technologies Windows Agent Watchdog) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe

O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)

O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)

O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe

--

End of file - 9633 bytes

-----------------------------------------------------------------------------------------------------------

Please help me!!!!!!!!!!!! This is my work computer so I will be back with results Monday.

Jamie

P.S. Please assure me there is a special place in he!! for whoever invented spyware!


Hi. :)

Open Notepad and copy and paste in the following:

MD "%USERPROFILE%"\desktop\malware
xcopy C:\WINDOWS\system32\tmpxr_535842273236.bk "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\tmp0_437759243043.bk.old "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\cfexfst.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\udxfytw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\oduxftw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\fduvfct.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy C:\WINDOWS\system32\xdufytw.sys "%USERPROFILE%"\desktop\malware /c /q /r /h /y
xcopy "C:\Documents and Settings\mercedes\Local Settings\Temp\Temporary Internet Files\Content.IE5\KB3FAOTL\A9installer_770522169011[1].exe" "%USERPROFILE%"\desktop\malware /c /q /r /h /y
Attrib -s -r -h "%USERPROFILE%"\desktop\malware\*.*

Save it as getmalware.bat to the desktop and double-click on it to run it. It will create a folder called malware on your desktop. Please zip up this folder. Attach that zipped file here in a new topic with a link to this thread. I will get back to you once they have been analyzed.

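The two logs in the first post can be cross-checked before anything is deleted: the Run value Malwarebytes flagged, the AppInit_DLLs entry, and the BHO/service entries whose file is already missing are the items a helper would want to review first. The script below is an added example written for this thread, not a tool from the forum, Malwarebytes or Trend Micro; the review heuristics in it are the author's own assumptions, and the sample log lines are copied from the logs posted above.

```python
"""Triage a HijackThis log against a Malwarebytes log (added example)."""
import re
from dataclasses import dataclass

# MBAM "Registry Values Infected" line: <key>\<value name> (<detection>) -> <action>
MBAM_REG_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\.*?)\\(?P<name>[^\\]+) \((?P<detection>[^)]+)\) -> (?P<action>.+)$"
)
# HJT entry: "O<n> - <rest>"
HJT_RE = re.compile(r"^(?P<section>O\d+) - (?P<rest>.*)$")
# O4 Run entry: "HKLM\..\Run: [<value name>] <command>"
O4_RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section, e.g. "O4"
    reason: str   # why this entry was put on the review list
    line: str     # the original HJT line


def parse_mbam_registry_values(mbam_log: str) -> dict:
    """Map each Run value name MBAM flagged to its (detection, action) pair."""
    flagged = {}
    for line in mbam_log.splitlines():
        m = MBAM_REG_RE.match(line.strip())
        if m:
            flagged[m.group("name")] = (m.group("detection"), m.group("action"))
    return flagged


def triage_hjt(hjt_log: str, mbam_values: dict) -> list:
    """Return review items; an empty list is not a clean bill of health."""
    findings = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = HJT_RE.match(line)
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section in ("O2", "O23") and rest.endswith("(file missing)"):
            # A missing file may be a benign leftover (an uninstalled driver) or a
            # remnant of malware already removed; either way it needs a human look.
            findings.append(Finding(section, "file missing", line))
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # legitimate use on a workstation is rare, so always review it.
            findings.append(Finding(section, "AppInit_DLLs entry", line))
        elif section == "O4":
            run = O4_RUN_RE.match(rest)
            if run and run.group("name") in mbam_values:
                detection, action = mbam_values[run.group("name")]
                findings.append(Finding(section, f"MBAM: {detection} ({action})", line))
    return findings


# Constructed sample: lines copied from the MBAM and HJT logs posted in this thread.
SAMPLE_MBAM = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\foyidigimi (Trojan.Agent) -> No action taken.
"""

SAMPLE_HJT = r"""
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [foyidigimi] Rundll32.exe "C:\WINDOWS\system32\lininofa.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\pularewi.dll
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def run_example() -> list:
    """Triage the constructed sample and return the findings in log order."""
    return triage_hjt(SAMPLE_HJT, parse_mbam_registry_values(SAMPLE_MBAM))


if __name__ == "__main__":
    for f in run_example():
        print(f"{f.section:4} {f.reason:38} {f.line}")
```

Note that the legitimate rundll32 entry (NvCplDaemon) is not flagged: the O4 check keys on the MBAM detection rather than on the use of rundll32, which is exactly the kind of allowlisting a purely pattern-based rule would get wrong.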

Hmm, so far, so good. No more popups today.

Here's the log...

Malwarebytes' Anti-Malware 1.31

Database version: 1488

Windows 5.1.2600 Service Pack 3

12/11/2008 8:59:36 AM

mbam-log-2008-12-11 (08-59-36).txt

Scan type: Quick Scan

Objects scanned: 64252

Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Well, it's been several days with no signs of pop-ups (knock on wood). I just want to thank everyone for their help in this. Here's my latest HJT scan...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:45:59 PM, on 12/15/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ICO.EXE

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\opt\MBCASE\pm\bin\mcp.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe

C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe

C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\smartagent\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\smartagent\bin\tgsrvc.exe

c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\cmd.exe

C:\opt\MBCASE\pm\bin\cmserver.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cmd.exe

C:\opt\MBCASE\pm\bin\lic_srv.exe

C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe

C:\Program Files\Adp\ws2000\ws2000.exe

C:\Program Files\ADP\websuite TE\BZVT.EXE

C:\Program Files\ADP\webSuite TE\BZVBA.EXE

C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Documents and Settings\mercedes\My Documents\HijackThis.exe

O1 - Hosts: 12.44.59.46 ppa-extra.ndc.daimlerchrysler.com

O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)

O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [updateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\mercedes\Application Data\Twain\Twain.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O15 - Trusted Zone: http://www.download.com

O15 - Trusted Zone: *.hotmail.com

O15 - Trusted Zone: *.live.com

O15 - Trusted Zone: *.msn.com

O15 - Trusted Zone: *.passport.com

O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/g_bin/eng/cards_2_0_0_75.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB

O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://supportcenter.mbnetstar.com/support.../weblaunch2.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2EFE1-7069-4A5E-80C6-2D201E44C34E}: NameServer = 10.100.100.10,192.168.100.2

O20 - AppInit_DLLs: ,

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: konfig - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: license - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: mcp - Unknown owner - C:\opt\MBCASE\pm\bin\mcp (file missing)

O23 - Service: Windows Agent (N-able Technologies Windows Agent) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagent.exe

O23 - Service: AssetDiscovery Local (N-able Technologies Windows Agent Asset Discovery) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\AssetDiscoveryLocal.exe

O23 - Service: Windows Agent Watchdog (N-able Technologies Windows Agent Watchdog) - N-able Technologies - C:\PROGRA~1\N-ABLE~1\WINDOW~1\winagentwatchdog.exe

O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)

O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)

O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SupportSoft Sprocket Service (smartagent) (sprtsvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: SupportSoft Repair Service (smartagent) (tgsrvc_smartagent) - SupportSoft, Inc. - C:\Program Files\smartagent\bin\tgsrvc.exe

--

End of file - 9638 bytes


Still not clean yet.

Open HijackThis and put a check next to these:

O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)

O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)

O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB

O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB

O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)

O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)

O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)

Click Fix Checked and close HJT.

Restart your computer, update MBAM, and run a scan, and post that and a new HJT log please.

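The helper's fix list above follows three mechanical rules that a reader can apply to any HijackThis log: O2 BHO entries whose DLL is marked "(file missing)" are registrations left behind after the file was removed, O16 DPF entries that install an ActiveX control from a local file:// path belong to an autorun disc rather than a web site, and O23 services marked "(file missing)" are service registrations with no binary behind them. The script below is an added example, not from the thread or from HijackThis, that encodes exactly those rules and nothing more (the helper's judgement about names like noxtcyr or roxtctm is not modelled). The sample lines are a subset copied from the log posted above; the rule wording and the output format are the example author's.

```python
"""Mechanical triage of HijackThis log lines, reproducing the helper's selection above."""
import re

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O23 - Service: ..." -> ("O23", "Service: ...")
SERVICE_NAME_RE = re.compile(r"\(([^()]+)\) - ")   # short service name in "(noxtcyr) - "

# Constructed subset of the HJT log posted above (lines copied verbatim from it).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0EAA09D0-67C1-4FA5-85F3-4C602082F4B8} - C:\WINDOWS\system32\tuvUOHax.dll (file missing)
O2 - BHO: (no name) - {75A0D0D7-9B92-4245-9884-CB8C0D3E92FC} - C:\WINDOWS\system32\byXopoLF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file://D:\autorun\PC-CONFIG-CHECK.CAB
O23 - Service: noxtcyr Corporation inc. (noxtcyr) - Unknown owner - C:\WINDOWS\system32\noxtcyr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: roxtctm Co. Ltd. (roxtctm) - Unknown owner - C:\WINDOWS\system32\roxtctm.exe (file missing)
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)
O23 - Service: sotpeca Settings storage service (sotpeca) - Unknown owner - C:\WINDOWS\system32\sotpeca.exe (file missing)
"""


def triage(log_text):
    """Return one finding per line the rules select, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.groups()
        reason = None
        if section == "O2" and body.endswith(MISSING):
            reason = "BHO registration whose DLL is gone (orphaned CLSID)"
        elif section == "O16" and " - file://" in body:
            reason = "ActiveX download (DPF) registered from a local file:// path"
        elif section == "O23" and body.endswith(MISSING):
            name = SERVICE_NAME_RE.search(body)
            owner = "unknown owner" if " - Unknown owner - " in body else "named owner"
            reason = "service %s registered but its binary is missing (%s)" % (
                name.group(1) if name else "?", owner)
        if reason:
            findings.append({"section": section, "reason": reason, "line": line})
    return findings


def fix_list(log_text):
    """The lines to tick in HijackThis before 'Fix checked'."""
    return [f["line"] for f in triage(log_text)]


def counts_by_section(log_text):
    """How many flagged entries per HJT section, for a quick sanity check."""
    counts = {}
    for f in triage(log_text):
        counts[f["section"]] = counts.get(f["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (f["section"], f["reason"], f["line"]))
```

Run against the sample it selects the same nine lines the helper listed and leaves the Java BHO, the NVIDIA service and the Panda ActiveScan download alone. A "(file missing)" entry is not harmless just because the file is gone: the registration is still a load point, and a service whose binary reappears will start again, which is why the helper removes the entries and then asks for a restart and a fresh scan.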

This topic is now closed to further replies.